Thursday, August 18, 2016

What I am reading 8/18/2016

Ars Technica - Cisco will lay off 5,500 employees, hoping to stay nimble -
Cisco said Wednesday that it will lay off 5,500 employees, or 7 percent of its 74,000 employees. That's less than the 14,000 predicted this morning, but still shows a company desperate to adapt to changes in business technology.
I've said this before - I have never seen a company reverse its fortunes thru layoffs. Not holding out hope here.

Wired - J.K. Rowling Is Releasing 3 E-Books of Secret Hogwarts History -
On Sept. 6, Pottermore, J.K. Rowling’s official portal to her Wizarding World, will release three e-book shorts on the secret history of Hogwarts. Each story will combine details from Pottermore archives with new material from Rowling to give new background on the school. So if you ever wondered how a witch becomes a portrait or longed for a biography of Care of Magical Creatures teacher Silvanus Kettleburn, you’re in luck.

Tech Crunch - Cisco and Fortinet say vulnerabilities disclosed in ‘NSA hack’ are legit -
A group calling itself the Shadow Brokers dumped data online this weekend that it claimed to have stolen from the Equation Group, a hacking team widely believed to be associated with the NSA. Firewall makers Cisco and Fortinet have now confirmed that vulnerabilities included in the data dump affected their products — a disclosure that lends credence to the theory that the Equation Group is indeed an NSA operation.
I believe the working theory now, backed by Edward Snowden, is that Russia is behind this leak.  The fact that all the tools released so far date from 2013 or earlier (or at least that is the last I read) makes me wonder if they were contained as part of the Snowden files (although you all (both of you) know my feelings on that). 

Boing Boing - The surprising spryness of fighters in 15th C armor -

We just had this discussion at the Friday night game I participate in.  In fact I think I even used the same video as proof of my point.  

Dark Reading - What Mr. Robot Can Teach Businesses About Security -

McGregor and Kazanciyan were quick to note that all of Elliot's coding tricks and social engineering are drawn from real cases. "We're not showing anything that's magical or hasn't been thought of – it's all been done in the private sector or already written," McGregor added. And they're not worried about copycats since all the hacks are essentially in the public domain already.
The technical advisors are also careful to show that hacking requires long, sometimes tedious hours and that code doesn't always work right – or in the way it was intended.
I have made the same arguments surrounding Blackhat which, while not a perfect movie by any means, does demonstrate a) that hacking isn't all about magic code, b) how much damage a properly engineered social engineering attack can do (yes, even the NSA phishing attack), c) insider threats, and d) how often a hack devolves into a knife fight or barroom brawl. OK, that last one may be a misinterpretation on my part, but you get my point.









